CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20124
https://notcve.org/view.php?id=CVE-2020-20124
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. Wuzhi CMS versión v4.1.0, contiene una vulnerabilidad de ejecución de código remota (RCE) en el archivo \attachment\admin\index.php • https://cwe.mitre.org/data/definitions/96.html https://github.com/wuzhicms/wuzhicms/issues/188 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20122
https://notcve.org/view.php?id=CVE-2020-20122
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. Wuzhi CMS versión v4.1, contiene una vulnerabilidad de inyección SQL en la función checktitle() en el archivo /coreframe/app/content/admin/content.php • https://github.com/SuperSalsa20/WUZHICMS-SQL-Injection/blob/master/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17426
https://notcve.org/view.php?id=CVE-2018-17426
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. WUZHI CMS, en su versión 4.1.0, tiene Cross-Site Scripting (XSS) persistente mediante los campos "Extension module" y "SMS in station" en el URI index.php?m=core. • https://github.com/wuzhicms/wuzhicms/issues/154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17425
https://notcve.org/view.php?id=CVE-2018-17425
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. WUZHI CMS, en su versión 4.1.0, tiene Cross-Site Scripting (XSS) persistente mediante los campos "Membership Center", "I want to ask" y "detailed description" en el URI index.php?m=member. • https://github.com/wuzhicms/wuzhicms/issues/153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9107
https://notcve.org/view.php?id=CVE-2019-9107
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. Existe Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0 mediante index.php?m=attachmentf=imagecutv=initimgurl=[XSS] en coreframe/app/attachment/imagecut.php. • https://gist.github.com/redeye5/ccbbc43330cc9821062249b78c916317 https://github.com/wuzhicms/wuzhicms/issues/169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •